Are Online Backup Services Safe?

The recent hack of Google by Chinese espionage agencies has raised concerns about the security and safety of online backup services. Is the protection provided by Mozy, Carbonite and other popular backup services enough to keep your files safe from prying eyes?

How Safe is Online Backup?

In the case of the Google hack, it was enabled by a flaw in Microsoft's Internet Explorer browser, not by something Google did wrong, nor by anything inherently risky in cloud-based online storage. But the incident does raise some valid questions about cloud computing in general, and online data backup services in particular.

Cloud computing is inherently less secure than keeping data in-house, all else being equal. If your money is in a bank vault, it's pretty safe compared to even an armored car moving about in public. It's simply harder for bad guys to get to your data if it's never exposed on the Information Highway. But if the vault door is left open and the armored cars locked, the relative risks certainly change.

Most home computer users, and many small businesses, are quite careless with their precious data. They don't use even minimal password protection. They give everyone administrator privileges. They write passwords on Post-It notes and stick them to the monitors where it's convenient for everyone to read them. If they were banks, they'd be leaving the vault door open and the keys in the locks of safety deposit boxes.

Cloud computing (of which online backup is a specific application) is like a locked armored car staffed by armed guards. The network connections between your local network and the online backup vendor's servers are encrypted and monitored for attempts to tap into the data streaming between you and the vendor. It's certainly more secure than the wide-open bank vault I just described, and it's generally secure enough to thwart even the most well-financed hackers. The risk of a security breach during your data's transport between you and a cloud computing vendor is quite low.

Physical Security at Online Backup Providers

But what about security at the vendor's site? Online backup services such as Mozy, Carbonite, and iBackup are high-profile targets for hackers who know that many companies' valuable data are stored on these vendors' servers. Banks are targets for sophisticated criminals because lots of money is in them. So the online backup services, like banks, take much greater security precautions than the typical home user or mattress-stuffing home saver.

The first precaution taken by most online backup services is to encrypt users' data at the user's site, before it is moved across the Internet. When new data arrives at the online backup services receiving servers, it is moved immediately to a server that is not accessible via the Internet. Only when a customer requests restoration of backup data is a copy of it placed where it can be downloaded; again, the data is encrypted before it moves over the Internet.

This a pretty secure system. But what if the "bank" burns down? A big reason users turn to online backup services is to store copies of critical data in a remote location safe from local disasters such as fire, flood, earthquake, etc. But a disaster can happen at the online backup service's data center, too. If you have erased your local copies of older data, you may be out of luck if the online backup service's copy is destroyed. So you need to ask: what is the disaster recovery service provider's disaster recovery plan?

A well-run vendor will tell you, proudly, how it protects the data that you entrust to it. A less reliable vendor won't, and they'll probably tell you the secrecy is for your protection. But if knowing what sort of lock is used on a door makes it easier for thieves to pick the lock, then you need a better lock. Assume that no answer to "What's your security policy and disaster recovery plan?" means there isn't any.

Mozy, for example, has a Privacy Commitment that specifies how your information is kept private and secure. They use military-grade encryption, and world-class data centers with state-of-the-art physical and technical security. In addition, they are SAS70 certified, which means they are regularly audited to ensure that these safeguards stay in place. Carbonite gives similar assurances in their own Privacy Policy document.

Will Your Data Be There When You Need It?

How long do online backup services keep your data safe? As long you pay for the service, of course. They charge by the byte stored, so it makes no sense for the service to delete your ancient data to save storage space. You will have to decide what data you can finally let go of and delete it yourself.

But here's a related issue to consider. Suppose you have some files on your hard drive, which you know are backed up by your online backup service. You go ahead and delete them, either on purpose or accidentally. If the online backup service is designed or configured to keep your backup in sync with your hard drive, it will delete that file from the backup. Some backup services remove deleted files after a delay of a certain number of days, others may never do so. Find out what your provider's policy is, and what features your plan offers to handle this data archiving issue.

Here's the bottom line... Online backup services that are offered by large, nationwide vendors with redundant, widely dispersed, and heavily secured storage sites are a very safe place to put your data. Even an "inside job" would require an individual to have enormous amounts of time and computing power to break the 256-bit AES or 448-bit Blowfish encryption that protects your data.

There's always some risk and uncertainty when your data is stored in a remote location, but the physical security and strong encryption they provide is probably a lot better than anything you could cobble together at your home or office.

Do you have thoughts about the safety of online backup services? Post your comment or question below..

Most recent comments on "Are Online Backup Services Safe?"

MozyHome works pretty well for me – on both Mac and Windows. If you ever need it, their 2nd level support is good.

Use the following link to get 20% more space (512 Mb) on a free MozyHome 2 Gb account:

https://mozy.com/?code=D685JF

Posted by:
Tom Smith
26 Jan 2010

With external hard drives in the 1 terabyte range for less then $100 why bother backing up data to a company somewhere out there in 'The wild blue yonder'? With backup software that's free as well it makes no sense to backup your data any place else but in your own home or office!

And to show you that I do what I say, I now have over 2.5tb of data & movies all on external hard drives! When I'm not accessing the drives they are turned off or disconnected from the pc.

EDITOR'S NOTE: Why consider offsite backup? Hmmm... did you notice the image I chose to go along with this article.. the flaming house with the hard drive superimposed?

Posted by:
Joe Gill
26 Jan 2010

I do have one question about these services, and also the tools you can use to do backup at home.

What happens to JPEG images as they undergo (I assume!) compression when being stored and then decompression upon retrieval? Is there any loss of quality?

EDITOR'S NOTE: For home backup, see http://askbobrankin.com/free_backup_solutions.html

I don't think any compression is being done. Encryption, yes. But even if the files were compressed and then uncompressed, they would end up identical. JPEG image compression is very different from file compression.

Posted by:
Kahlil Black
28 Jan 2010

I would caution against being seduced by high-profile cases of data theft when the sad reality is you still probably have a much higher probability of losing data by your own hand (or that of a family member, friend or other trusted person).

Your example of reconsidering a file deletion is a good example. Another is the backup software or hardware fails un-noticed (how often does anyone test sample restores?).

So, a top consideration, after which method would you most likely use regularly, could be which method reduces human error the most and prevents accidental data harm.

Posted by:
Scott
28 Jan 2010

I didn't see this issue addressed...what happens to my data if/when I cancel my account. Is it securely deleted, or what? The issue is I actually have no real control over my data stored there, only assurances.

Posted by:
Dan
28 Jan 2010

I use Jungledisk - very inexpensive, good encryption, multiple versions of backups (which also allows recovery of deleted local files), restore to any point-in-time for which backups exist, etc. I *also* have backups at home - data mirrored to external USB drives, and backups from my laptop to my home server.

The bottom line is: if you don't have offsite backups, you don't have a complete recovery plan.

Posted by:
John Genzano
28 Jan 2010

What happens if the company goes out of business. or worse, goes bankrupt. In the case of a bankruptcy, your data may be considered a corporate asset to be sold off to pay secured creditors. It is strictly up to the judge, not the contract you have with the backup company.

Posted by:
markie carlson
28 Jan 2010

I am using Carbonite. Should I still be using the flash drives that I used to use ( and would throw them in a fireproof safe at night)?

EDITOR'S NOTE: If your computer crashes and you can't get online, a local backup is a lot more useful.

Posted by:
Robert Armstrong Jr
30 Jan 2010

The different companies and antivirus companies are offering many online backup solutions. The problem is which one is the safest to use and have the best security available. I know, that is one variable that is subject to change. I currently use Carbonite and have been satisfied with the end results, but have read where they were hacked and some information was leaked. Of course, they did not elaborate on what information was leaked.
My qauestion is this, of all the different options this story seemed to lean on Mozy. I am loyal up to a degree with software companies, but have any other companies been hacked? Which online program seems to offer the most security and confidence? Looking forward to the replies.

Posted by:
John
31 Jan 2010

I use Carbonite and have been happy with it, but I plan to buy a new computer soon. My question is, will my account transfer to my new computer and allow me to recover all my files? When I install Carbonite on the new PC will it recognize that I now have a new machine and not charge me for a new account? The uncertainty is one reason I've hesitated to buy a new computer.

EDITOR'S NOTE: I think that scenario is one of the primary reasons for using a service like Carbonite. Your old computer dies, you get a new one, and then restore your files from the backup.

Posted by:
EM Chance
02 Feb 2010

Aside from bankruptcy mentioned above what happens if the feds or a state seizes the server farm where the principals are accused of not paying taxes or being engaged in some sort of nefarious activity? It could be months before you could access your data, if at all. Heck, all the authorities have to do is seize a bank account to shut down any business.

You need TWO backups. One of them should be physical and is local to you. A clone of or a mirror image of your drive(s) if you should be hit by fire, flood, mudslide or tornado where your original installed program discs are rendered unusable.

Posted by:
dorothy
05 May 2010

Backing up online has really done me good because of only one software i use and it is the SafeCopy software backup because it takes less than 2 minutes to setup.Files backup automatically and even if my files are lost i can also recover them quickly.I got this link because i really wanted a good link where i can backup all my files and there it was www.safecopybackup.com.Since then up to date,i use SafeCopy.Chao

I have been looking at the ease of online backup services for a few years now. I feel in my case I feel I have more control over my data if I make copies to CD-R or RW.

I make two copies, one for at home and the other off-site in my safety deposit box.

I have had some experiences that backup options included in hardware and software doesn't back up as expected. The only software that I had that did a good restore was Quicken 2000 and that is limited to finances.

I think you have to consider what is the value of the data you want to backup and do you trust giving control to someone else.

Posted by:
Mike
24 Jul 2010

Well online backups are now days springing up so first.Well but it depends on the costs and the services offered.Well and to Ben safecopy backup is a very good backup service and i want to say thanks to Dorothy.Because as she says,i have personally tried out the trial version and she is right safecopy backup does not take more than 2minutes.

Posted by:
Jacky
08 Aug 2010

When choosing a backup service provider, it is important to check its business model. Free service or cheap service always has a catch, otherwise, the business cannot survive in the long term.

www.DriveHQ.com is different, it focuses on high-end services that create value and save cost for businesses. It is far more than just storage or backup. Not only you can backup files to the cloud, you can also move your entire file server, FTP server, email server, web server and backup system to the cloud. You can create sub-users and sub-groups; you can set different user roles; share different folders to different users with different permissions. For a small business, Cloud-based storage, backup, sharing and Cloud IT Solution can save you a lot of cost, while offering better, more secure and reliable services that can be accessed from anywhere.

DriveHQ.com is one of the first few companies offering such cloud based services. It is now offering the version 5.0 Cloud Storage and Cloud IT Solution. For more info, please visit: http://www.drivehq.com/. DriveHQ basic service is also free.

Posted by:
Windy
26 Aug 2010

I think with online backups,files or data are safe and incase of any disaster one can not lose data at all.Dorothy and Mike thanks for introducing safecopy backup.It is what i use now days.

Posted by:
Mitch
13 Sep 2010

I use Mozy but it is only practical for a "last ditch effort" recovery of data from a catastrophic event. It is not my primary backup.

It is just too slow and too inconvenient to use for other purposes if you have a lot of data (I'll define that as 5GB or more). Since the service does not do "ship in" backups, and charges for "ship to" recoveries, the 500GB of home photos and video I have backed up with them (that took over a year) just wouldn't be practical to recover unless all else fails.

Still, its comforting to know that the files really are protected about as well as they can be should I really need them.

Posted by:
Meckydavid
22 Sep 2010

I use Safecopy backup and it is better for me than any other backup solution.They are cost effective and so reliable i can backup multiple computers on a single account.This has saved me from spending tons of money.Thanks guys for talking about Safecopy backup.I really do enjoy their services.

Posted by:
Dave
14 Jan 2011

I think www.safecopybackup.com is fine for me.It is what am currently using.Well there are other like Dropbox,SugarSync,iDrive that really also offer great services.

Post your Comments, Questions or Suggestions

* Name:
* Email:
(* = Required field)

(Your email address will not be published)

Comments: (you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.